## Configuração para mg.partidopirata.org
server {
  listen 80;
  listen [::]:80;
  server_name mg.movimentopirata.org;
  return 301 https://mg.movimentopirata.org$request_uri;
}
server {
  listen 80;
  listen [::]:80;
  server_name *.mg.movimentopirata.org;
  return 301 http://mg.movimentopirata.org$request_uri;
}

## SSL
server {
  listen 443 ssl;
  listen [::]:443 ssl;
  ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
  ssl_prefer_server_ciphers on;
  ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
  ssl_ecdh_curve secp384r1;
  ssl_session_cache shared:SSL:10m;
  ssl_session_tickets off;
  ssl_stapling on;
  ssl_stapling_verify on;
  resolver 208.67.220.220 208.67.222.222 valid=300s;
  resolver_timeout 5s;
  add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";
  add_header X-Frame-Options SAMEORIGIN;
  add_header X-Content-Type-Options nosniff;
  ssl_certificate /etc/letsencrypt/live/partidopirata.org-0001/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/partidopirata.org-0001/privkey.pem;
  ssl_trusted_certificate /etc/letsencrypt/live/partidopirata.org-0001/chain.pem;

  server_name mg.partidopirata.org;

  root /var/www/www/wp/mg.movimentopirata.xyz/;

  index index.php;
  # Global restrictions configuration file.
  # Designed to be included in any server {} block.
  location /favicon.ico {
    log_not_found off;
    access_log off;
  }

  location /robots.txt {
    allow all;
    log_not_found off;
    access_log off;
  }

  # Deny all attempts to access hidden files such as .htaccess, .htpasswd, .DS_Store (Mac).
  # Keep logging the requests to parse later (or to pass to firewall utilities such as fail2ban)
  location ~ /\. {
    deny all;
  }

  # Deny access to any files with a .php extension in the uploads directory
  # Works in sub-directory installs and also in multisite network
  # Keep logging the requests to parse later (or to pass to firewall utilities such as fail2ban)
  location ~* /(?:uploads|files)/.*\.php$ {
    deny all;
  }

  # WordPress single site rules.
  # Designed to be included in any server {} block.

  # This order might seem weird - this is attempted to match last if rules below fail.
  # http://wiki.nginx.org/HttpCoreModule
  location / {
    try_files $uri $uri/ /index.php?$args;
  }

  # Add trailing slash to */wp-admin requests.
  rewrite /wp-admin$ $scheme://$host$uri/ permanent;

  # Directives to send expires headers and turn off 404 error logging.
  location ~* ^.+\.(ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|rss|atom|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$ {
         access_log off; log_not_found off; expires max;
  }

  # Uncomment one of the lines below for the appropriate caching plugin (if used).
  #include global/wordpress-wp-super-cache.conf;
  #include global/wordpress-w3-total-cache.conf;

  # Pass all .php files onto a php-fpm/php-fcgi server.
  location ~ [^/]\.php(/|$) {
    fastcgi_split_path_info ^(.+?\.php)(/.*)$;
    if (!-f $document_root$fastcgi_script_name) {
      return 404;
    }
    # This is a robust solution for path info security issue and works with "cgi.fix_pathinfo = 1" in /etc/php.ini (default)

    #include fastcgi_params;
    fastcgi_index index.php;
    #fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    # fastcgi_intercept_errors on;
    #fastcgi_pass php;
    include /etc/nginx/fastcgi_params;
    fastcgi_param PATH_INFO $fastcgi_script_name;
    fastcgi_param SCRIPT_NAME "";
    fastcgi_pass unix:/var/run/php5-fpm-mgmovimentopirata.sock;
  }
}

## Tor
server {
  listen 127.0.0.1:42911;
  allow 127.0.0.1;
  deny all;

  add_header X-Frame-Options SAMEORIGIN;
  add_header X-Content-Type-Options nosniff;

  server_name mg4hkdeljcl6n4pl.onion;

  root /var/www/www/wp/mg.movimentopirata.xyz/;

  index index.php;
  # Global restrictions configuration file.
  # Designed to be included in any server {} block.
  location /favicon.ico {
    log_not_found off;
    access_log off;
  }

  location /robots.txt {
    allow all;
    log_not_found off;
    access_log off;
  }

  # Deny all attempts to access hidden files such as .htaccess, .htpasswd, .DS_Store (Mac).
  # Keep logging the requests to parse later (or to pass to firewall utilities such as fail2ban)
  location ~ /\. {
    deny all;
  }

  # Deny access to any files with a .php extension in the uploads directory
  # Works in sub-directory installs and also in multisite network
  # Keep logging the requests to parse later (or to pass to firewall utilities such as fail2ban)
  location ~* /(?:uploads|files)/.*\.php$ {
    deny all;
  }

  # WordPress single site rules.
  # Designed to be included in any server {} block.

  # This order might seem weird - this is attempted to match last if rules below fail.
  # http://wiki.nginx.org/HttpCoreModule
  location / {
    try_files $uri $uri/ /index.php?$args;
  }

  # Add trailing slash to */wp-admin requests.
  rewrite /wp-admin$ $scheme://$host$uri/ permanent;

  # Directives to send expires headers and turn off 404 error logging.
  location ~* ^.+\.(ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|rss|atom|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$ {
         access_log off; log_not_found off; expires max;
  }

  # Uncomment one of the lines below for the appropriate caching plugin (if used).
  #include global/wordpress-wp-super-cache.conf;
  #include global/wordpress-w3-total-cache.conf;

  # Pass all .php files onto a php-fpm/php-fcgi server.
  location ~ [^/]\.php(/|$) {
    fastcgi_split_path_info ^(.+?\.php)(/.*)$;
    if (!-f $document_root$fastcgi_script_name) {
      return 404;
    }
    # This is a robust solution for path info security issue and works with "cgi.fix_pathinfo = 1" in /etc/php.ini (default)

    #include fastcgi_params;
    fastcgi_index index.php;
    #fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    # fastcgi_intercept_errors on;
    #fastcgi_pass php;
    include /etc/nginx/fastcgi_params;
    fastcgi_param PATH_INFO $fastcgi_script_name;
    fastcgi_param SCRIPT_NAME "";
    fastcgi_pass unix:/var/run/php5-fpm-mgmovimentopirata.sock;
  }
}

